1234567891011121314151617181920212223242526 |
- package com.yaozhitech.spring5.config;
- import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
- import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
- import org.springframework.context.annotation.Configuration;
- @Configuration
- public class RoleResourceConfiguration extends ShiroConfiguration{
-
- @Override
- public ShiroFilterChainDefinition shiroFilterChainDefinition() {
-
-
- DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
- // chainDefinition.addPathDefinition("/login", "noSessionCreation,anon"); //login不做认证,noSessionCreation的作用是用户在操作session时会抛异常
- // chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证,permissive参数的作用是当token无效时也允许请求访问,不会返回鉴权未通过的错误
- // chainDefinition.addPathDefinition("/image/**", "anon"); ,anyRole[admin,manager]
- chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 只允许admin或manager角色的用户访问
- // chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authc");
- // chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authc[permissive]");
- // chainDefinition.addPathDefinition("/**", "noSessionCreation,authc"); // 默认进行用户鉴权
-
- return chainDefinition;
- }
- }
|